Cisco Firepower 4110 Security Appliance
To enable configuration auditing for a managed device
1. In the Configuration perspective, select Setup > Advanced Parameters > Configuration Audit.
2. Select the Enable Configuration Auditing checkbox, and click Submit.
Configuring Security Reporting Settings
To support historical and real-time security-monitoring capabilities and provide in-depth attack information for
each attack event, DefensePro establishes a data-reporting protocol between the device and APSolute Vision.
This protocol, called Statistical Real-time Protocol (SRP), uses UDP packets to send attack information.
You can enable the reporting channels used by DefensePro to receive information about attacks, and to report
detected attacks based on their various risk levels.
You can also specify the minimal severity of the traps and syslog messages for device-health and audit events.
Note:
You can specify the event types (security, device-health, and audit) for each targeted syslog server and
targeted SNMP address—in the configuration of the respective object (see
In addition, Radware DefensePro DDoS Mitigation can provide the APSolute Vision server sampled captured
packets that were identified by the Radware DefensePro DDoS Mitigation device as part of the specific attack.
Radware DefensePro DDoS Mitigation sends these packets to the specified IP address, encapsulated in UDP
packets.
Notes
• DefensePro does not provide sampled captured packets from suspicious sources that DefensePro challenged.
(DefensePro supports an option to challenge sources in HTTP Flood Protection, SYN Flood Protection, DNS
Flood Protection, and SSL Protection.)
• DefensePro does not provide sampled GRE-encapsulated captured packets.
You can also configure DefensePro devices to send captured attack packets along with the attack event for
further offline analysis. Packet reporting and SRP use the same default port, 2088.
To configure security reporting settings
1. In the Configuration perspective, select Setup > Reporting Settings > Advanced Reporting Settings.
2. Configure the parameters, and then click Submit.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.